BlueCoat Proxy – Web URL Category Review / Best Practices

This page will attempt to assist you in building a Web URL Category review process, as well as provide best practice recommendations from BlueCoat and my own personal experience with BlueCoat.

BlueCoat does not update their Web URL Categories very often, but it does happen about once every 12-18 months. In earlier times, they were not very helpful about this and normally only included a single email to subscribed users (a very manual process – it is not created for you when you purchase a BlueCoat device and license), and they would upload the Web URL Category pdf file on their website. In the last couple years, they have provided a bit more detail when they update. Not only will they send out an email, but they will post a note for it on their BTO website, as well as provide some FAQ/KB-type Q&A for us techies to decide how to handle the update (when they split or combine categories). The last update of the Web URL Categories was September 2013 and they provided some very good info this time. Kudos to BlueCoat.

BlueCoat BTO Update:

September 16, 2013
 An enhancement to the Blue Coat URL Categories is scheduled to become effective on November 12, 2013. This notification contains information to assist customers in assessing the potential effect of these enhancements and to plan any necessary adjustments to related Blue Coat solutions. Four categories will be added to provide for improvements in acceptable use and security policies, 13 categories will be renamed to provide clarity of purpose and two categories will be deleted.

A staging and testing period starts effective October 15th 2013, when the category names for both new and renamed categories will be introduced alongside the existing categories. The enhancements will be released as part of the WebFilter database download and will automatically appear in the policy editor, but the new and newly renamed categories will not yet be populated. Effective October 15th, WebPulse Site Review will have the full list of categories with definitions. In the meantime, please view KB5880 for a full list of categories and definitions. The fully implemented change will occur on November 12, 2013, when the new category names will be populated with URLs, and the old category names are removed from the WebFilter database.
For more information of the changes that are taking place, please visit TFA122 and FAQ2806

The 2 links in the snippet above direct you to some good info about what is actually happening in this update.
BlueCoat Technical Alert – TFA122:

      1. Internet Connected Devices
      2. Piracy/Copyright Concerns
      3. Computer/Information Security
      4. Marijuana

      1. LGBT
      2. Pay to Surf

      1. Malicious Sources ------------------> Malicious Sources/Malnets
      2. Online Storage -----------------------> File Storage/Sharing
      3. Web Advertisements ---------------> Web Ads/Analytics
      4. Non-Viewable ------------------------> Non-Viewable/Infrastructure
      5. Computers/Internet -----------------> Technology/Internet
      6. Greeting Cards -----------------------> E-Card/Invitations
      7. Web Applications --------------------> Office/Business Applications
      8. Chat/Instant Messaging -----------> Chat (IM)/SMS
      9. Political/Activist Groups ------------> Political/Social Advocacy
      10. Blogs/Personal Pages -----------> Personal Sites
      11. Open/Mixed Content ---------------> Mixed Content/Potentially Adult
      12. Alternative Sexuality/Lifestyles --> Sexual Expression
      13. Illegal Drugs -------------------------> Controlled Substances

With the amount of changes that are updated in a normal update cycle (above is fairly normal), you will want to be sure to bring this to the attention of the Web URL Category review team that you should be assembling.

URL Category Review team:
Ideally your company’s Web URL Category Review team should be a cross section of various business units across your company. You will want to keep the team small but still include all teams that would have an influence on end user internet usage policies and the like. I would suggest 5-7 representatives across the company.

With that in mind, you are probably already ahead of me here – thinking “We need HR, Legal and Information Security”. While this is true, you may also want to solicit input from a proxy expert, who normally resides on the operations side of the house – think firewall/proxy as they often manage both (firewall/proxy are both perimeter security technologies). You may also want to get input from a cyber security or threat protection team, as they have intimate knowledge into what sorts of categories are known to breed malware and malicious evil. They may also have other tools, not managed by the firewall/proxy team, (think FireEye, Mandiant host security, Bit9, etc…). You may also want to get input from an information rick and/or compliance lead, as they are thinking of different things than the last 2 recommended team members.

Once you have your list of attendees from across the organization, you will need to have a document to work from that explains each category, provides the BlueCoat recommendation, YOUR recommendation, as well as ability to record input from fellow team members on how to handle each category. Lucky for you, I’ve already built this document (rough but it works for this), and am happy to provide it to the public to help you guide your business leaders to a better understanding of what they are able to do with their internet usage policy.

Download The Web URL Category Review Document:
BlueCoat Web Filter URL Category Review

If this post helped you in any way, please feel free to comment or provide feedback.